CVE-2025-11666

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

CVE-2025-11666

CVE-2025-11666 affects Tenda RP3 Pro firmware up to version 22.5.7.93. The vulnerability resides in the Firmware Update Handler’s force_upgrade.sh, where manipulating the current_force_upgrade_pwd argument can trigger use of a hard-coded password. Local attack required. Public exploit exists. Rem...

CVE-2025-11666 Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

CVE-2025-11666 Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

CVE-2025-61926

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

EUVD-2025-33916

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

CVE-2025-36087

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

CVE-2025-36087

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

Security Bulletin: Security vulnerability has been found in IBM Verify Identity Access/IBM Security Verify Access (CVE-2025-36087)

Summary Security vulnerability has been addressed in IBM Verify Identity Access/IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-36087 DESCRIPTION: IBM Security Verify Access, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key,...

CVE-2025-36087 IBM Security Verify Access hard coded credentials

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

CVE-2025-36087

The CVE-2025-36087 affects IBM Security Verify Access and IBM Verify Identity Access (and their container equivalents). Affected products/versions include IBM Security Verify Access 10.0.0–10.0.9 and 11.0.0, IBM Verify Identity Access Container 10.0.0–10.0.9 and 11.0.0. The issue is hard-coded cr...

CVE-2025-36087 IBM Security Verify Access hard coded credentials

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

EUVD-2025-33912

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...

PT-2025-41743

Name of the Vulnerable Software and Affected Versions IBM Security Verify Access versions 10.0.0 through 10.0.9 and 11.0.0 IBM Verify Identity Access Container versions 10.0.0 through 10.0.9 and 11.0.0 Description The software contains hard-coded credentials, such as passwords or cryptographic...

Tenda RP3 Pro 安全漏洞

Tenda RP3 Pro is an indoor wireless PTZ camera from Tenda China. A security vulnerability exists in Tenda RP3 Pro version 22.5.7.93 and earlier, which originates from a hard-coded password in the parameter currentforceupgradepwd in the file forceupgrade.sh, which could lead to a local attack...

PT-2025-41760

Name of the Vulnerable Software and Affected Versions Tenda RP3 Pro versions through 22.5.7.93 Description A security issue exists in Tenda RP3 Pro up to version 22.5.7.93, specifically within the Firmware Update Handler component. Manipulation of the current force upgrade pwd argument in the for...

VulnCheck KEV: CVE-2024-9643

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

IBM Security Verify Access（ISAM）和IBM Verify Identity Access Container 信任管理问题漏洞

IBM Security Verify Access ISAM and IBM Verify Identity Access Container are both products of International Business Machines IBM.IBM Security Verify Access is a service that improves user access security.IBM Verify Identity Access Container is containerized software that provides authentication...

WordPress Copypress Rest API plugin code execution vulnerability

WordPress Copypress Rest API plugin plugin is used to extend the functionality of WordPress plugin , by providing a RESTful interface to achieve data interaction . A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...

Kiloview N30 安全漏洞

Kiloview N30 is an NDI encoder from Kiloview UK. A security vulnerability exists in the Kiloview N30 version 2.02.246, which stems from the inclusion of hard-coded TLS private keys and certificates in the firmware, which could lead to a man-in-the-middle attack...